The database contained over 3.3 million orders from 2015 to 2020, many of which included uploaded copies of customers’ government-issued identity cards. The vulnerability was addressed after a security researcher notified the store owners.
These policies will also require MFA for per-user MFA users for all cloud apps and for high-risk sign-ins. The policies will be gradually added to eligible Microsoft tenants, and administrators will have 90 days to review and enable them.
The Jupyter Infostealer malware has resurfaced with new techniques, including PowerShell command modifications and the use of signed certificates, to establish a persistent presence on compromised systems.
SIM box fraud is a type of “interconnected bypass” scam, where threat actors intercept international calls and route them to a local device known as a SIM box. This device then routes the connection back into the network as a local call.
Internet-exposed Apache ActiveMQ servers are being targeted by ransomware attacks exploiting a critical remote code execution vulnerability. Over 4,770 vulnerable Apache ActiveMQ servers are at risk of exploitation.
Password health and hygiene have improved globally over the past year, reducing the risk of account takeover. However, password reuse remains prevalent, making user accounts vulnerable to password-spraying attacks.
Security experts took the wraps off of Socks5Systemz, a proxy botnet distributed through PrivateLoader and Amadey, affecting approximately 10,000 systems globally. BitSight mapped at least 53 servers of Socks5Systemz, all located in Europe and distributed across France, Bulgaria, Netherlands, and Sweden. BitSight has shared IoCs for the current threat, which should be used to understand the […]
SideCopy is employing phishing tactics and using compromised domains with reused IP addresses to distribute malicious files and deploy malware, including a Linux variant of the Ares RAT, indicating a multi-platform approach in their attacks.
Election officials in Hinds County, Mississippi, had to rush to complete poll worker training after a breach in early September compromised county computers. This caused a delay in processing voter registration forms.
Post-quantum cryptography (PQC) algorithms should be implemented to replace vulnerable traditional public key cryptography (PKC) algorithms to mitigate the threat of quantum computers.